Login (WebSecurity Ref)

Logs a user in and takes three arguments: username, password and persistCookie. The last argument is optional.

Syntax

WebSecurity.Login(string username, string password, bool persisCookie)

Example

Sponsored Links

C# Code

@{
string username = "";
string password = "";
var rememberMe = false;
string msg ="";
 
   //IF THE USER IS LOOGED OUT AND REDIRECTED TO REQUIRE AUTHENTICATION, THE RETURN URL WILL REDIRECT THEM BACK..
    var returnUrl = Request["returnUrl"];
    if (returnUrl.IsEmpty()) {
        returnUrl = Href("~/");
    }
 
    //PROCCESS THE LOGIN
if (IsPost)
{
    username = Request["username"];
    password = Request["password"];
    rememberMe = Request["rememberMe"].AsBool();
 
      //MAKE SURE FORMS ARE NOT NULL
    if (username.IsEmpty())
    {
        ModelState.AddError("username", "Please enter your username");
    }
 
    if (password.IsEmpty())
    {
       ModelState.AddError("password", "Please enter your password");
    }
 
    //IF THE USER HAS MADE TOO MANY LOGIN ATTEMPTS (3) THEN THEIR ACCOUNT IS LOCKED OUT FOR 30 MINUTES THE TIME MUST BE UTC!! BECAUSE IN THE DATABASE THE TIME IS STORED AS UTC!!
    if (WebSecurity.UserExists(username) && WebSecurity.GetPasswordFailuresSinceLastSuccess(username) > 3 && WebSecurity.GetLastPasswordFailureDate(username).AddMinutes(30) > DateTime.UtcNow)
    {
        ModelState.AddFormError("Sorry your account is locked out for 30 minutes due to too many password failures");
  
    }
 
    //IF EVERYTHING IS GOOD LOGIN..
 if (ModelState.IsValid)
    {
   
        //MAKE SURE USER EXISTS
        if (WebSecurity.UserExists(username))
        {
            //CHECK IF ACCOUNT IS CONFIRMED (IF YOU REQUIRE USERS TO CONFIRM ACCOUNTS)
            if (WebSecurity.IsConfirmed(username))
            {
                //LOGIN
                  if (WebSecurity.Login(username, password, rememberMe))
                  {
                      Context.RedirectLocal(returnUrl);
                  }else{
                      ModelState.AddFormError("Inncorrect password");
                  }
            }else
            {
                ModelState.AddFormError("Please confirm your account first");
            }
 
        }else
        {
            ModelState.AddFormError("The username specified was not recognized");
        }
 
    }
 
}
 
}

By default, all ASP.NET login sessions will expire when the browser closes.

HTML Code

<!DOCTYPE html>
 
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title></title>
    </head>
    <body>
        @Html.ValidationSummary(true)
 
        <form method="post">
              <div>
                  <label>UserName</label>
        <input type="text" name="username"/>
            @Html.ValidationMessage("username")
</div>
             <div>
                  <label>Password</label>
            <input type="password"  name="password"/>
            @Html.ValidationMessage("password")
                 </div>
 
                  <div>
                       <label>Remember Me?</label>
            <input type="checkbox" name="rememberMe" value="true" checked="@rememberMe"/>
                      </div>
 
            <input type="submit"/>
        
        
        </form>
 
    </body>
</html>

See Also

Logout

GeneratePasswordResetToken

ConfirmAccount